class NotesController < ApplicationController
   before_filter :login_required

   # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
   verify :method => :post, :only => [ :destroy, :create, :update ],
         :redirect_to => { :action => :show }

   def show
    @notes = Task.find(params[:id]).notes.reverse
    #@newn = Note.new
   end

   def create
    note = Note.new(params[:new])
    note.task_id = params[:task_id]
    note.user_id = session['user'].id
    note.updated_by = session['user'].id
    note.save!
    redirect_to :action => 'show', :id => params[:task_id]
   end

   def edit
    @note = Note.find(params[:id])
   end

   def update
    note = Note.find(params[:id])
    
    if note.update_attributes(params[:note])
      flash[:notice] = 'Note was successfully updated.'
      redirect_to :action => 'show', :id => @note
    else
      render :action => 'edit'
    end
   end

   # Ajaxed
   def delete
      id = params[:id]
      #t = Note.find(id)
      #if t == nil or not session['user'].projects.map {|p| p.id}.include?(t.project_id)
      #   render_text '-1'
      #   return
      #end
      if Note.destroy(id)
         render_text "#{id}"
      else
         render_text '-1'
      end
   end
end
